
[Freedombox-discuss] Onion Pi



On Tue, Sep 17, 2013 at 3:57 PM, Nick Daly <nick.m.daly at gmail.com> wrote:

> If your destinations are using SSL (like they should) MITM is less of
> an issue.  The lovely HttpsEverywhere Firefox/Iceweasel extension
> makes this as simple as possible (and should definitely be installed
> on any client device).

Both SSL/TLS itself and HTTPS Everywhere
https://www.eff.org/https-everywhere
are definitely worth using, but neither necessarily gives much
resistance to MITM (man-in-the-middle) attacks.
http://en.citizendium.org/wiki/Man-in-the-middle_attack

MITM involves the attacker posing as someone else. The
defense is cryptographic authentication that lets you be
certain you are talking to the real server, not an impostor.
SSL/TLS uses X.509 certificates for authentication, and
that is not a reliable mechanism.

My Firefox default installation trusts more than 100
certificate authorities. Some of those are controlled
directly by governments seriously opposed to FBox
goals -- China, Syria, ... Others might be leaned on
by various governments, in particular some of the
largest are US companies. Some have admitted
selling bogus certs which let a company monitor its
employees' web use to protect "intellectual property"
and corporate security. If that, why not sell to a
national security organisation? Some have been
broken into.


